jawz/NixOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
NixOS/hosts/miniserver/configuration.nix

679 lines
20 KiB
Nix
Raw Blame History

{ config, lib, pkgs, ... }:
let
version = "23.11";
myEmail = "CaptainJawZ@outlook.com";
myName = "Danilo Reyes";
cpuArchitecture = "alderlake";
home-manager = builtins.fetchTarball
# "https://github.com/nix-community/home-manager/archive/master.tar.gz";
"https://github.com/nix-community/home-manager/archive/release-${version}.tar.gz";
unstable = import
(builtins.fetchTarball "https://github.com/nixos/nixpkgs/tarball/master") {
config = config.nixpkgs.config;
};
jawzManageLibrary = pkgs.writeScriptBin "manage-library"
(builtins.readFile ../scripts/manage-library.sh);
jawzTasks =
pkgs.writeScriptBin "tasks" (builtins.readFile ../scripts/tasks.sh);
jawzSubs =
pkgs.writeScriptBin "sub-sync" (builtins.readFile ../scripts/sub-sync.sh);
jawzStream =
pkgs.writeScriptBin "stream-dl" (builtins.readFile ../scripts/stream-dl.sh);
in { # Remember to close this bracket at the end of the document
imports = [
./fstab.nix
./servers.nix
./docker.nix
# ./mail.nix
# ./openldap.nix
# <agenix/modules/age.nix>
(import "${home-manager}/nixos")
];
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
networking = {
useDHCP = lib.mkDefault true;
enableIPv6 = false;
hostName = "miniserver";
networkmanager.enable = true;
extraHosts = ''
192.168.1.64 workstation
192.168.1.69 server
'';
firewall = let
open_firewall_ports = [
51413 # torrent sedding
9091 # qbittorrent
2049 # nfs
];
open_firewall_port_ranges = [ ];
in {
enable = true;
allowPing = true;
allowedTCPPorts = open_firewall_ports;
allowedUDPPorts = open_firewall_ports;
allowedTCPPortRanges = open_firewall_port_ranges;
allowedUDPPortRanges = open_firewall_port_ranges;
};
};
time.timeZone = "America/Mexico_City";
i18n = {
defaultLocale = "en_CA.UTF-8";
extraLocaleSettings = { LC_MONETARY = "es_MX.UTF-8"; };
};
console = {
font = "Lat2-Terminus16";
keyMap = "us";
# useXkbConfig = true; # use xkbOptions in tty.
};
system = {
copySystemConfiguration = true;
stateVersion = "${version}";
};
nix = let
featuresList = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
"gccarch-${cpuArchitecture}"
"gccarch-znver3"
];
in {
gc = {
automatic = true;
dates = "weekly";
};
buildMachines = [{
hostName = "workstation";
system = "x86_64-linux";
sshUser = "nixremote";
maxJobs = 14;
speedFactor = 1;
supportedFeatures = featuresList;
}];
distributedBuilds = true;
settings = {
cores = 3;
auto-optimise-store = true;
trusted-users = [ "nixremote" ];
system-features = featuresList;
substituters = [
"https://nix-gaming.cachix.org"
"https://nixpkgs-python.cachix.org"
"https://devenv.cachix.org"
"https://cuda-maintainers.cachix.org"
];
trusted-public-keys = [
"nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
"nixpkgs-python.cachix.org-1:hxjI7pFxTyuTHn2NkvWCrAUcNZLNS3ZAvfYNuYifcEU="
"devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
"cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
];
};
};
security = {
acme = {
acceptTerms = true;
defaults.email = myEmail;
};
rtkit.enable = true;
sudo = {
enable = true;
wheelNeedsPassword = false;
};
pam.loginLimits = [{
domain = "*";
type = "soft";
item = "nofile";
value = "8192";
}];
};
nixpkgs = {
hostPlatform = lib.mkDefault "x86_64-linux";
config = {
allowUnfree = true;
permittedInsecurePackages = [ "openssl-1.1.1w" ];
};
# localSystem = {
# gcc.arch = cpuArchitecture;
# gcc.tune = cpuArchitecture;
# system = "x86_64-linux";
# };
};
users = {
groups.nixremote = {
name = "nixremote";
gid = 555;
};
users.nixremote = {
isNormalUser = true;
createHome = true;
group = "nixremote";
home = "/var/nixremote/";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICiyTwryzw8CblPldplDpVUkXD9C1fXVgO8LeXdE5cuR root@workstation"
""
];
};
};
users.users.jawz = {
isNormalUser = true;
extraGroups = [
"wheel"
"networkmanager"
"docker"
"scanner"
"lp"
"piracy"
"kavita"
"render"
"video"
];
initialPassword = "password";
openssh = {
authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5GaQM4N+yGAByibOFQOBVMV/6TjOfaGIP+NunMiK76 gpodeacerocdreyes@100CDREYES"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMkpeIV9G26W2/e9PsjBx3sNwPGoicJ807ExRGh4KjhW jawz@server"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH2wtsaMvfEUm//2YnFHyrc16o+TOXXBfIGPJ9nL8RMp jawz@workstation"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBEblxSDhWPEo33crSjooeUg4W02ruENxHLmmBqCuIo jawz@galaxy"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN6HsajaTL+nTJtSIu00M5WJwgt/7fyU59gBr2R7tbnv root@server"
];
};
packages = (with pkgs; [
hunspell
hunspellDicts.it_IT
hunspellDicts.es_MX
hunspellDicts.en_CA
symbola
unstable.yt-dlp # downloads videos from most video websites
unstable.gallery-dl # similar to yt-dlp but for most image gallery websites
fd # modern find, faster searches
fzf # fuzzy finder! super cool and useful
gdu # disk-space utility, somewhat useful
du-dust # rusty du
trash-cli # oop! didn't meant to delete that
eza # like ls but with colors
rmlint # probably my favourite app, amazing dupe finder that integrates well with BTRFS
smartmontools # check hard drie health
jawzManageLibrary
jawzTasks
jawzSubs
jawzStream
(writeScriptBin "ffmpeg4discord"
(builtins.readFile ../scripts/ffmpeg4discord.py))
(writeScriptBin "ffmpreg" (builtins.readFile ../scripts/ffmpreg.sh))
(writeScriptBin "split-dir" (builtins.readFile ../scripts/split-dir.sh))
(writeScriptBin "pika-list" (builtins.readFile ../scripts/pika-list.sh))
(writeScriptBin "run" (builtins.readFile ../scripts/run.sh))
(writeScriptBin "find-dup-episodes"
(builtins.readFile ../scripts/find-dup-episodes.sh))
tldr # man for retards
# SH
bats # testing system, required by Exercism
bashdb # autocomplete
shellcheck # linting
shfmt # a shell parser and formatter
# NIX
expect # keep color when nom'ing
nix-output-monitor # autistic nix builds
nixfmt # linting
cachix # why spend time compiling?
# PYTHON.
(python3.withPackages (ps:
with ps; [
flake8 # wraper for pyflakes, pycodestyle and mccabe
isort # sort Python imports
nose # testing and running python scripts
pyflakes # checks source code for errors
pytest # framework for writing tests
speedtest-cli # check internet speed from the comand line
editorconfig # follow rules of contributin
black # Python code formatter
pylint # bug and style checker for python
])) # base language
]) ++ (with pkgs.python3Packages; [
(buildPythonApplication rec {
pname = "download";
version = "1.5";
src = ../scripts/download/.;
doCheck = false;
buildInputs = [ setuptools ];
propagatedBuildInputs = [ pyyaml types-pyyaml ];
})
(buildPythonApplication rec {
pname = "ffpb";
version = "0.4.1";
src = fetchPypi {
inherit pname version;
sha256 = "sha256-7eVqbLpMHS1sBw2vYS4cTtyVdnnknGtEI8190VlXflk=";
};
doCheck = false;
buildInputs = [ setuptools ];
propagatedBuildInputs = [ tqdm ];
})
# (buildPythonApplication rec {
# pname = "qbit_manage";
# version = "4.0.3";
# src = fetchPypi {
# inherit pname version;
# sha256 = "sha256-7eVqbLpMHS1sBw2vYS4cTtyVdnnknGtEI8190VlXflk=";
# };
# doCheck = true;
# buildInputs = [ setuptools ];
# propagatedBuildInputs =
# [ gitpython requests retrying ruamel-yaml schedule unstable.qbittorrent-api ];
# })
]) ++ (with pkgs.nodePackages; [
# Language servers
dockerfile-language-server-nodejs
yaml-language-server
bash-language-server
vscode-json-languageserver
pyright
markdownlint-cli # Linter
prettier # Linter
pnpm # Package manager
]);
}; # <--- end of package list
home-manager = {
useUserPackages = true;
useGlobalPkgs = true;
users.jawz = { config, pkgs, ... }: {
home.stateVersion = "${version}";
programs.bash = {
enable = true;
historyFile = "\${XDG_STATE_HOME}/bash/history";
historyControl = [ "erasedups" "ignorespace" ];
shellAliases = {
hh = "hstr";
ls = "eza --icons --group-directories-first";
edit = "emacsclient -t";
comic = ''download -u jawz -i "$(cat $LC | fzf --multi --exact -i)"'';
gallery =
''download -u jawz -i "$(cat $LW | fzf --multi --exact -i)"'';
cp = "cp -i";
mv = "mv -i";
mkcd = ''mkdir -pv "$1" && cd "$1" || exit'';
mkdir = "mkdir -p";
rm = "trash";
".." = "cd ..";
"..." = "cd ../..";
".3" = "cd ../../..";
".4" = "cd ../../../..";
".5" = "cd ../../../../..";
dl = "download -u jawz -i";
e = "edit";
c = "cat";
f = "fzf --multi --exact -i";
sc = "systemctl --user";
jc = "journalctl --user -xefu";
open-gallery = ''
cd /mnt/pool/scrapping/JawZ/gallery-dl &&
xdg-open $(fd . ./ Husbands -tdirectory -d 1 | fzf -i)"'';
unique-extensions = ''
fd -tf | rev | cut -d. -f1 | rev |
tr '[:upper:]' '[:lower:]' | sort |
uniq --count | sort -rn'';
};
enableVteIntegration = true;
initExtra = ''
$HOME/.local/bin/pokemon-colorscripts -r --no-title
# Lists
list_root="${config.xdg.configHome}"/jawz/lists/jawz
export LW=$list_root/watch.txt
export LI=$list_root/instant.txt
export LC=$list_root/comic.txt
export command_timeout=30
if command -v fzf-share >/dev/null; then
source "$(fzf-share)/key-bindings.bash"
source "$(fzf-share)/completion.bash"
fi
nixos-reload () {
nixfmt /home/jawz/Development/NixOS/miniserver/*.nix
sudo unbuffer nixos-rebuild switch -I nixos-config=/home/jawz/Development/NixOS/miniserver/configuration.nix |& nom
}
'';
};
xdg = {
enable = true;
userDirs = {
enable = true;
createDirectories = false;
desktop = "${config.home.homeDirectory}";
documents = "${config.home.homeDirectory}/Documents";
download = "${config.home.homeDirectory}/Downloads";
music = "${config.home.homeDirectory}/Music";
pictures = "${config.home.homeDirectory}/Pictures";
templates = "${config.xdg.dataHome}/Templates";
videos = "${config.home.homeDirectory}/Videos";
};
configFile = {
"wgetrc".source = ../dotfiles/wget/wgetrc;
"configstore/update-notifier-npm-check.json".source =
../dotfiles/npm/update-notifier-npm-check.json;
"npm/npmrc".source = ../dotfiles/npm/npmrc;
"gallery-dl/config.json".source = ../dotfiles/gallery-dl/config.json;
"htop/htoprc".source = ../dotfiles/htop/htoprc;
"python/pythonrc".source = ../dotfiles/pythonrc;
"unpackerr.conf".source = ../dotfiles/unpackerr.conf;
};
};
programs = {
helix = { enable = true; };
hstr.enable = true;
emacs.enable = true;
direnv = {
enable = true;
enableBashIntegration = true;
nix-direnv.enable = true;
};
bat = {
enable = true;
config = {
pager = "less -FR";
theme = "base16";
};
extraPackages = with pkgs.bat-extras; [
batman # man pages
batpipe # piping
batgrep # ripgrep
batdiff # this is getting crazy!
batwatch # probably my next best friend
prettybat # trans your sourcecode!
];
};
git = {
enable = true;
userName = "${myName}";
userEmail = "${myEmail}";
};
htop = {
enable = true;
package = pkgs.htop-vim;
};
};
services = {
lorri.enable = true;
emacs = {
enable = true;
defaultEditor = true;
package = pkgs.emacs;
startWithUserSession = "graphical";
};
};
};
};
environment = {
systemPackages = with pkgs; [
wget
jellyfin-ffmpeg # coolest video converter!
mediainfo
dlib
fd
ripgrep
];
variables = rec {
# PATH
XDG_CACHE_HOME = "\${HOME}/.cache";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_DATA_HOME = "\${HOME}/.local/share";
XDG_STATE_HOME = "\${HOME}/.local/state";
# DEV PATH
CABAL_DIR = "${XDG_CACHE_HOME}/cabal";
CARGO_HOME = "${XDG_DATA_HOME}/cargo";
GEM_HOME = "${XDG_DATA_HOME}/ruby/gems";
GEM_PATH = "${XDG_DATA_HOME}/ruby/gems";
GEM_SPEC_CACHE = "${XDG_DATA_HOME}/ruby/specs";
GOPATH = "${XDG_DATA_HOME}/go";
NPM_CONFIG_USERCONFIG = "${XDG_CONFIG_HOME}/npm/npmrc";
PNPM_HOME = "${XDG_DATA_HOME}/pnpm";
PSQL_HISTORY = "${XDG_DATA_HOME}/psql_history";
REDISCLI_HISTFILE = "${XDG_DATA_HOME}/redis/rediscli_history";
WINEPREFIX = "${XDG_DATA_HOME}/wine";
PYTHONSTARTUP = "${XDG_CONFIG_HOME}/python/pythonrc";
STACK_ROOT = "${XDG_DATA_HOME}/stack";
# OPTIONS
HISTFILE = "${XDG_STATE_HOME}/bash/history";
LESSHISTFILE = "-";
GHCUP_USE_XDG_DIRS = "true";
RIPGREP_CONFIG_PATH = "${XDG_CONFIG_HOME}/ripgrep/ripgreprc";
ELECTRUMDIR = "${XDG_DATA_HOME}/electrum";
VISUAL = "emacsclient -ca emacs";
WGETRC = "${XDG_CONFIG_HOME}/wgetrc";
XCOMPOSECACHE = "${XDG_CACHE_HOME}/X11/xcompose";
"_JAVA_OPTIONS" = "-Djava.util.prefs.userRoot=${XDG_CONFIG_HOME}/java";
DOCKER_CONFIG = "${XDG_CONFIG_HOME}/docker";
# NVIDIA
CUDA_CACHE_PATH = "${XDG_CACHE_HOME}/nv";
# Themes
# WEBKIT_DISABLE_COMPOSITING_MODE = "1";
CALIBRE_USE_SYSTEM_THEME = "1";
PATH = [
"\${HOME}/.local/bin"
"${XDG_CONFIG_HOME}/emacs/bin"
"${XDG_DATA_HOME}/npm/bin"
"${XDG_DATA_HOME}/pnpm"
];
# needed for tensorflow
# CUDA_PATH = "${pkgs.cudatoolkit}";
# # LD_LIBRARY_PATH = "${pkgs.linuxPackages.nvidia_x11}/lib:${pkgs.ncurses5}/lib";
# EXTRA_LDFLAGS = "-L/lib -L${pkgs.linuxPackages.nvidia_x11}/lib";
# EXTRA_CCFLAGS = "-I/usr/include";
};
};
programs = {
starship.enable = true;
tmux.enable = true;
fzf.fuzzyCompletion = true;
neovim = {
enable = true;
vimAlias = true;
};
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
};
services = {
# minidlna = {
# enable = true;
# openFirewall = true;
# settings = {
# inotify = "yes";
# media_dir = [
# "/mnt/pool/glue"
# ];
# };
# };
avahi = {
enable = true;
nssmdns = true;
};
fstrim.enable = true;
smartd.enable = true;
btrfs.autoScrub = {
enable = true;
fileSystems = [ "/" "/mnt/pool" ];
};
openssh = {
enable = true;
openFirewall = true;
startWhenNeeded = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
};
systemd = {
packages = let
pkgs = import (builtins.fetchTarball {
url =
"https://github.com/NixOS/nixpkgs/archive/9957cd48326fe8dbd52fdc50dd2502307f188b0d.tar.gz";
}) { };
myPkg = pkgs.qbittorrent-nox;
in [ myPkg ];
services = {
"qbittorrent-nox@jawz" = {
enable = true;
overrideStrategy = "asDropin";
wantedBy = [ "multi-user.target" ];
};
};
timers = { };
user = {
services = {
"stream@" = {
description = "monitors a stream channel for online streams.";
restartIfChanged = true;
wantedBy = [ "default.target" ];
path = [ pkgs.nix jawzStream ];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
ExecStart = "${jawzStream}/bin/stream-dl %I";
};
};
# unpackerr = {
# enable = true;
# restartIfChanged = true;
# description = "Run unpackerr";
# wantedBy = [ "default.target" ];
# serviceConfig = {
# Restart = "on-failure";
# RestartSec = 30;
# ExecStart = "${pkgs.unpackerr}/bin/unpackerr -c /home/jawz/.config/unpackerr.conf";
# };
# };
manage-library = {
enable = true;
restartIfChanged = true;
description = "Run the manage library bash script";
wantedBy = [ "default.target" ];
path = [ pkgs.nix jawzManageLibrary ];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
ExecStart = "${jawzManageLibrary}/bin/manage-library";
};
};
tasks = {
restartIfChanged = true;
description =
"Run a tasks script which keeps a lot of things organized";
wantedBy = [ "default.target" ];
path = [ pkgs.nix jawzTasks ];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
ExecStart = "${jawzTasks}/bin/tasks";
};
};
qbit_manage = let qbit_dir = "/home/jawz/Development/Git/qbit_manage";
in {
restartIfChanged = true;
description = "Tidy up my torrents";
wantedBy = [ "default.target" ];
path = [ pkgs.python3 pkgs.pipenv ];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
ExecStart =
"${qbit_dir}/venv/bin/python3 ${qbit_dir}/qbit_manage.py -r -c ${qbit_dir}/config.yml";
};
};
};
timers = let
streamTimer = {
enable = true;
description = "monitors a stream channel for online streams.";
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "5min";
OnUnitActiveSec = "65min";
RandomizedDelaySec = 30;
};
};
in {
"stream@johnneal911" = streamTimer // { };
"stream@uk2011boy" = streamTimer // { };
"stream@tommy9x6" = streamTimer // { };
"stream@brocollirob" = streamTimer // { };
"stream@tomayto\\x20picarto" = streamTimer // { };
tasks = {
enable = true;
description =
"Run a tasks script which keeps a lot of things organized";
wantedBy = [ "timers.target" ];
timerConfig = { OnCalendar = "*:0/10"; };
};
manage-library = {
enable = true;
description = "Run the manage library bash script";
wantedBy = [ "timers.target" ];
timerConfig = { OnCalendar = "00:30"; };
};
qbit_manage = {
enable = true;
description = "Tidy up my torrents";
wantedBy = [ "timers.target" ];
timerConfig = { OnCalendar = "*:0/10"; };
};
};
};
};
fonts.fontconfig.enable = true;
hardware = {
cpu.intel.updateMicrocode = lib.mkDefault true;
opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};
};
}
Reference in New Issue View Git Blame Copy Permalink